Vulnerability in ".ani" files

Microsoft patches Windows vulnerability

Comment:

I am a release manager for a LAN with over 50,000 workstations ... and until today I had never heard of .ani files! According to the article these files are "used to change the cursor into an hourglass while a program works". Interestingly enough this morning my personal Windows XP Dell laptop was apparently stuck with what visually looked to me like a cursor turning into an hourglass. Be sure to read the entire article!

Excerpts:

The Redmond-based software company told customers last Thursday about a vulnerability in ".ani" files, which are used to change the cursor into an hourglass while a program works, or into a dancing animal or other animation on specially designed Web sites. Security experts said the hole was actively being exploited by hackers to install keystroke-logging programs.

Ken Dunham, director of the rapid response team at iDefense, the research division of VeriSign Inc., said a group of Chinese hackers was using the security hole to steal and sell log-ins to the popular "World of Warcraft" multiplayer computer game.

Customers whose Windows computers aren't set to automatically install critical patches can download the security update, MS07-017, from Microsoft's Web site.

Comment: You may think that I live on the "dark side of the moon" but truthfully, until today I had never heard of World of Warcraft!